DE102007015788B3 - Multimedia device and method for data transmission in a multimedia device - Google Patents

Abstract

The multimedia device has a remote control with which a multimedia device can be controlled wirelessly. For a connection between remote control and multimedia device, the remote control must identify to the multimedia device, which is done via a hardware device, in particular a SIM card. Furthermore, the individual user needs to identify himself to the multimedia device, which is done via a hardware device for acquiring biometric data. The respective identification data is encrypted with asymmetric cryptography. During initialization between these two devices, data for the identification of the remote control and the respective person are transmitted in encrypted form to the multimedia device and stored there encrypted. When establishing a connection after initialization, the corresponding data from the remote control to the multimedia device with another key again asymmetrically encrypted and decrypted in the multimedia device. The corresponding data stored there are also decrypted and compared with the received decrypted data.

Description

The The invention relates to a multimedia device according to the preamble of claim 1 and to a method for data transmission at a multimedia facility according to the generic term of claim 2.

Device and method of this kind are from the DE 198 58 310 B4 known.

• – es kann eine "Kindersicherung" vorgesehen sein, die nur ausgewählte Fernsehkanäle freigibt und/oder nur zu vordefinierten Zeiten überhaupt einen Fernsehempfang zuläßt;
• – Fernsehgewohnheiten können vorprogrammiert werden, beispielsweise daß ein bestimmter Benutzer an bestimmten Wochentagen zu bestimmten Zeiten bestimmte Sendungen auf bestimmten Kanälen sieht;
• – für jeden Benutzer kann eine Liste bevorzugter Fernsehkanäle erstellt werden, die als "Favoriten" in einem Auswahlmenü bevorzugt angezeigt werden;
• – je nach Benutzer und Gerät kann die Tastenbelegung der Tasten der Fernsteuerung verändert werden;
• – bei interaktiven Systemen, wie interaktivem Fernsehen, Homeshopping, Homebanking, Video an demand oder ähnlichem können Sicherungen vorgesehen sein, beispielsweise Begrenzungen für Bestellungen von Waren oder Filmen, Arten von Filmen (z. B. jugendfrei) usw.

Today's devices of consumer electronics, such. As televisions, audio equipment, DVD devices, satellite receivers, video recorders, set-top boxes, etc., are usually operated by a remote control, which usually communicates wirelessly via an infrared or radio link with the corresponding devices. All of these multimedia devices, which today include computers, are referred to below as "devices". All these devices and increasingly also in households located devices such. As garage door controls, alarm systems, heating controls, household and kitchen appliances and telecommunications equipment such as telephone, fax, Internet access, are now increasingly networked and controlled as possible by only a single remote control. Many of the mentioned devices can be configured individually for different users and adapted to the preferences of the respective user. Using the example of a television receiver, some little-known adjustments are explained:

• It may be provided a "parental control" that releases only selected TV channels and / or only at predefined times allows a television reception at all;
• TV viewing habits can be preprogrammed, for example, that at certain times of the day, certain users see certain programs on certain channels;
• For each user, a list of preferred television channels may be created, which are preferably displayed as "favorites" in a selection menu;
• - Depending on the user and device, the key assignment of the buttons of the remote control can be changed;
• - Interactive systems such as interactive television, home shopping, home banking, video on demand or similar may provide for backups, such as restrictions on orders for goods or films, types of films (eg, adult), etc.

Out above reasons It is necessary to connect the remote control automatically to the respective Customize and individual access rights to configure and unlock.

For this purpose, it has been proposed several times to equip the remote control with an identification device that automatically detects an access authorized person. So that beats DE 198 58 310 B4 a fingerprint reader in the remote control, which detects biometric data of the user by means of sensors and activates an individual operating profile when the authorized person has access rights.

Other biometric data acquisition devices, such as a voice recognition circuit, an iris scanner, and a face recognition device have also been proposed (cf. WO 02/17627 A2 ).

Particularly often the fingerprint of a person is used for identification, such as. B. in the US 2001/0007592 A1 . US 2005/0149870 A1 . US 5,758,257 . US 5,771,307 . US 5,920,642 . US 6,020,882 . US 6,130,726 . US 6,137,539 . US 6,914,517 B2 . US 6,968,565 B1 or WO 01/56213 A1 described.

• – Es soll ein hohes Maß an Sicherheit gewährleistet sein, was beinhaltet, daß ein Gerät nicht durch eine fremde Fernsteuerung betrieben werden kann und daß nicht "unbefugt" ein neuer Benutzer angelegt werden kann;
• – der Hardware-Aufwand der Fernsteuerung soll möglichst gering sein;
• – der Stromverbrauch der Fernsteuerung soll möglichst gering sein;
• – die Kommunikation zwischen Fernsteuerung und Gerät soll möglichst "abhörsicher" sein, was insbesondere deswegen von erhöhter Bedeutung ist, weil es eine Vielzahl von programmierbaren Fernsteuerungen auf dem Markt gibt, die von einer Original-Fernsteuerung ausgesandte Signale aufzeichnen, speichern und wiedergeben können.

In all of these remote controls with person recognition, the following problems arise:

• - It should be ensured a high level of security, which means that a device can not be operated by a foreign remote control and that not "unauthorized" a new user can be created;
• - The hardware complexity of the remote control should be as low as possible;
• - The power consumption of the remote control should be as low as possible;
• - The communication between the remote control and device should be as safe as possible "tap-proof", which is particularly important because there are a variety of programmable remote controls on the market that can record, store and play signals emitted by an original remote control.

To increase security, there are several suggestions. So that beats US 2001/0007592 A1 to query a sequence of multiple fingerprints of different fingers.

The EP 1 286 518 A2 proposes to equip at least one button of the remote control with a fingerprint reader, so that each time when calling certain functions, such. B. channel change, confirmation button or the like, a review of the authorized user is made.

To increase access security is in the older, not pre-published German patent application 10 2006 042 014 proposed by the Applicant, in addition to a reading device for biometric data, in particular a fingerprint pressure reader to provide yet another hardware device that identifies the remote control as such, which is realized in the specific embodiment by a so-called SIM card. Thus, at least the creation of a new user profile or the modification of an existing user profile is only possible if the SIM card is inserted in the remote control.

task The invention is the aforementioned multimedia device and the method for data transmission in a multimedia device of the type mentioned in that regard to improve that at low hardware complexity of the remote control a high transmission reliability of Data from the remote control to the device is guaranteed.

These Task is for the multimedia device by the in claim 1 and for the method solved by the features specified in claim 2.

advantageous Refinements and developments of the invention are described in the dependent claims.

Short summarized This will be the subtask of the reduced hardware overhead solved, that the biometric data collected by the remote control, transferred to the device and only be evaluated there. The evaluation of biometric data requires relatively high processing power in the device anyway exists while capturing the biometric data, for example with a fingerprint reader only comparatively lower computing power required, so that in the Remote control a simpler and thus less expensive processor can be used, which then also a lower power consumption Has. The raised Security of data transmission is by a special encryption of the remote control transferred to the device Data guaranteed including data stored on the SIM card.

in the The following is the invention with reference to an embodiment in connection in more detail explained.

It shows:

1 a block diagram of a multimedia device with remote control and multimedia device;

2 a flow chart of the steps of the method in the initialization of a connection between the remote control and device;

3 a Flußdiagram the steps of the method in an identification process.

1 shows a remote control 1 that a device 2 controls, with the device 2 in turn, can control a variety of other devices, as indicated above. In 1 only the components relevant for the control are shown.

The remote control 1 contains a microprocessor 3 , a store 4 , a SIM card reader 5 , a keyboard 6 and a facility 7 for acquiring biometric data, in particular a device for detecting a fingerprint. Furthermore, the remote control includes a transmitting / receiving device 8th , preferably for transmitting and receiving infrared signals. The mentioned assemblies 4 - 8th are to the microprocessor 3 connected.

The memory 4 can be divided into several subgroups and have, for example, a read-only memory for programs and a working memory. One in the SIM card reader 5 to be inserted SIM card contains in a conventional manner also one or more memory. The transmitting / receiving unit 8th is via a bidirectional wireless radio connection 9 with the device 2 in connection. The device 2 also contains a microprocessor 10 , a store 11 , which also contains a program memory and a working memory and another memory, here as a user database 12 is designated and finally a transmitting / receiving unit 13 connected to the transceiver unit 8th the remote control in wireless connection 9 stands.

The microprocessor 10 has an exit 14 that has an interface 15 communicates with one or more devices to be controlled.

To the interface 15 can with known compounds, for. As "SCART" cable, "USB" port or similar, any number of different devices to be controlled to be connected.

It should be emphasized that the microprocessor 3 the remote control 1 has a lower processing power than the microprocessor 10 of the device. He also has a lower power consumption and is cheaper.

• 1. Eine persönliche Identifikationsnummer (sog. PIN),
• 2. persönliche Daten eines Benutzer, wie z. B. Name, Geburtsdatum, Geschlecht, Kreditkartennummer etc.,
• 3. einen ersten privaten Schlüssel (PrivK 1), wobei die unter 2. und 3. genannten Daten nur nach Eingabe der unter 1. genannten PIN zugänglich sind.

With reference to 2 Now the initialization phase is described. First, in one step 20 the SIM card into the SIM card reader 5 of the 1 be used. The SIM card contains the following stored data:

• 1. A personal identification number (so-called PIN),
• 2. personal data of a user, such as. Name, date of birth, gender, credit card number etc.,
• 3. a first private key (PrivK 1), whereby the data mentioned under 2. and 3. are accessible only after entering the PIN mentioned under 1.

• 4. einen zweiten privaten Schlüssel (PrivK 2),
• 5. einen persönlichen Identifikationscode (PIC),
• 6. einen ersten öffentlichen Schlüssel (PubK 1) und
• 7. einen zweiten öffentlichen Schlüssel (PubK 2).

Furthermore, the SIM card contains the following freely accessible data:

• 4. a second private key (PrivK 2),
• 5. a personal identification code (PIC),
• 6. a first public key (PubK 1) and
• 7. a second public key (PubK 2).

As will be explained in more detail below, the keys PubK 1 and PrivK 1 form a first and the keys PubK 2 and PrivK 2 a second pair of keys used for encryption and decryption. In this case, a so-called asymmetric cryptography is used, in which a key of one of the mentioned pairs, usually the so-called public key, is used for encrypting data and for decrypting the other key of the pair, usually the so-called private key. For encryption and decryption thus different keys are used. Decryption of data with the key used for encryption is not possible. The algorithms for encryption and decryption are known in principle. For example, reference is made to the asymmetric encryption algorithms RSA, the Rabin cryptosystem or the Elgamal cryptosystem. After inserting the SIM card, the PIN is first requested (step 21 ), via the keyboard 6 ( 1 ) and is usually a four-digit number. Thus, the SIM card is unlocked and over the PIN locked above personal data and the private first key PrivK 1 are accessible.

The remote control then transmits via the transceiver 8th the first private key PrivK 1 (step 22 ) and the second public key PubK 2 (step 24 ) to the device 2 where they are from the transmitting / receiving unit 13 received and via the microprocessor 10 In the storage room 11 be saved (steps 22 - 25 ). Then, the biometric data of the user via the fingerprint reader 7 read in (step 27 ) and to the device 2 transfer (step 28 ), where they are encrypted with the previously received and stored public key PubK 2 (step 29 ). Similarly, the personal identification code PIC is retrieved from the SIM card and sent to the device 2 transfer (step 30 ), where it is also encrypted with the public key PubK 2 (step 31 ). Then the personal data of the user is either retrieved from the SIM card or entered via the keyboard and to the device 2 transfer (step 32 ), where they also step with the second public key PubK 2 33 be encrypted.

• – den unverschlüsselten ersten privaten Schlüssel PrivK 1,
• – die mit dem Schlüssel PubK 2 verschlüsselten biometrischen Daten des Benutzers,
• – den verschlüsselten persönlichen Identifikationscode (PIC) und die verschlüsselten persönlichen Daten, jeweils mit PubK 2 verschlüsselt.

The second public key PubK 2, in step 25 in the device 2 is saved after these operations in step 34 deleted. From the stored and partially encrypted data is then stored in the user database 12 created and saved a user profile that initially contains the following data:

• The unencrypted first private key PrivK 1,
• The user's biometric data encrypted with the PubK 2 key,
• - the encrypted personal identification code (PIC) and the encrypted personal data, each encrypted with PubK 2.

In addition, can the user to the personal Add more data to data, such as B. channel list preferred TV channels, key assignments of the keys remote control, locked TV channels, TV times, etc.

Of the described initialization process is to be classified as critical in this respect, as the first private key PrivK 1 wirelessly transmitted and thus can be "intercepted" if a suitable receiver within reach. Infrared transmission is the danger the existence suitable receiver within range, but very small, since the range is strong is limited and an undisturbed visual connection is required.

Subsequently, however, high security is given, since the remaining data is encrypted with the public key PubK 2, which after initialization in the device 2 is deleted and this data can not be decrypted with the private first key PrivK 1.

to further increase Security can also be the key PrivK 1 on the SIM card deleted so that he referred to as a "private" key which is only available to the device.

In connection with 3 Now the normal identification process is described, with which a connection between the remote control 1 and the initialized device 2 is built. It is assumed that the remote control 1 Ready to send and the device 2 are ready to receive.

In one step 35 For example, the user biometric data is read, for example, by the user placing a finger on the fingerprint segerät 7 sets, reads in the corresponding image data. This image data can be in one step 35 be compressed, which according to known data compression methods, such. As the Huffman code occurs.

This compressed image data is in one step 37 the personal identification code PIC is added, either from the SIM card or the memory 4 ( 1 ) is read out. Continue in step 38 The second private key PrivK 2 is added, also from the SIM card or the memory 4 is read out. This entire data packet consists of the compressed biometric data, the PIC and the key PrivK 2. This data packet is combined with the first public key PubK 1 in one step 39 encrypted. In addition, optional block coding and a so-called forward error correction (FEC) can be performed (step FEC) 40 ).

Then the data thus generated are sent to the device 2 over the radio link 9 transfer (step 41 ) and from the device 2 receive (step 42 ). There, these data are first decrypted with the private key PrivK 1 stored in the user database (step 43 ), from which one obtains a record with PrivK 2, PIC and the biometric data (block 44 ), from which in step 45 the second private key PrivK 2 is extracted. The biometric data and the PIC are stored in memory 11 cached. With the now decrypted and extracted second private key PrivK 2 are in step 46 in the user database 12 stored and encrypted with the public key PubK 2 before storing data, namely the PIC, the biometric data and the personal data and in the subsequent step 47 the now decrypted data from the user database and the received data are compared. Conveniently, the PIC is first compared. If this does not match, the received data is not from an authorized remote control, so that further steps can be aborted. Optionally, a request for repeated transmission can be generated, which is displayed for example on a screen of the TV or as a return signal over the radio link 9 to the remote control 1 transmitted and displayed there.

If a comparison of the PIC reveals an authorized remote control, the biometric data is compared (step 47 ) and if there is a match, the microprocessor gives 10 a release signal at its output 14 to the interface 15 out (step 48 ). It can then be a secured, authorized operation of the device 2 and the other devices connected to it by the remote control 1 be performed. Next can also be over the radio link 9 the key assignment of the keys 6 the remote control 1 according to the identified user. Also will be on the radio link 9 the remote control sends an acknowledgment signal for a successful logon, which in the remote control sensitive data in the memory 4 deletes, in particular the biometric data recorded. Similarly, also in memory 11 the device deleted the data to be compared with each other, so that the memory 11 and 4 the remote control 2 and the device 1 after successful registration are back in their original state. It can then be the normal operation between remote control 1 and device 2 be recorded, which can also be bidirectional.

For security reasons, it may also be provided that the authorized connection is interrupted after a predetermined time and a new application in accordance with in connection with 3 is to be made steps described. It can also be provided that a renewed identification is to be carried out for certain, safety-relevant control processes, for example when transmitting name, address or credit card number via connected communication devices.

When initializing according to the above related to 2 described user steps can also be given user rights in the personal data of the user, for example, with regard to creating or changing user profiles, so that, for example, only certain people who are identified by their biometric data, are entitled to create new users in the user database or specific individual Change users assigned rights. Other data, which are also stored in the personal data, however, can be arranged so that the individual user can freely change after its identification, such. B. key assignment of the remote control, favorites list of individual TV channels, as far as they are released.

In summary, a very high degree of safety is achieved with the invention. Even if the device gets into the hands of unauthorized persons without a SIM card, it will not be possible to access the protected biometric data and the protected personal data. Only if an unauthorized person has the device and the SIM card available, then it is theoretically possible to decrypt the protected data stored in the user database with the first key PubK 1 stored on the SIM card. For this, however, the user must then have immediate access to the user database, which requires high technical effort. Here can be provided by the manufacturer that the corresponding memory is protected so that either no access from the outside is possible or its content is automatically deleted when trying to expand the memory. In any case, it is advisable to delete the memory containing the user database before the device is handed over to third parties.

Claims (6)

Multimedia device with a remote control ( 1 ) - a first microprocessor ( 3 ), - a first hardware device ( 5 ) for identifying the remote control ( 1 ), - a second hardware device ( 7 ) for collecting biometric data of a person and - a transmitting device ( 8th ) for transmitting data, and with a multimedia device ( 2 ), which - a receiving device ( 13 ) to receive the data, a memory ( 11 . 12 ) and a second microprocessor ( 10 ), characterized in that the first hardware device comprises a SIM card ( 5 ), on which are stored: - a first pair of digital keys (PubK 1, PrivK 1), - a second pair of digital keys (PubK 2, PrivK 2), - a personal identification code (PIC), and personal Data of at least one user that the memory ( 12 ) of the multimedia device ( 2 ) stores after initial initialization the following data: - only one key (PrivK 1) of the first pair of digital keys, - only one key (PubK 2) of the second pair of digital keys, - each with the single key (PubK2 ) the second pair of digital keys encrypted biometric data, a user's personal data and the also encrypted personal identification code (PIC); that when establishing a connection between the remote control ( 1 ) and the multimedia device ( 2 ) the second hardware device ( 7 ) reads biometric data of the user, adds to them the personal identification code (PIC) and the other key (PrivK 2) of the second pair of digital keys, encrypts a data packet thus formed with the other key (PubK 1) of the first pair of digital keys and the encrypted data record to the multimedia device ( 2 ) transmits that the multimedia device ( 2 ) decrypts the received encrypted record with the stored one key (PrivK 1) of the first pair of digital keys, extracts therefrom the other key (PrivK 2) of the second pair of digital keys, the personal identification code (PIC) and the biometric data, from the memory ( 12 ) reads out the encrypted biometric data, the encrypted personal data and the encrypted personal identification code (PIC) and decrypts them with the other key (PrivK 2) of the second pair of digital keys, compares the received decrypted personal identification code and the decrypted stored personal identification code with each other and if matched, compares the received decrypted biometric data and the stored decrypted biometric data, and only if the multimedia device ( 2 ) unlocks. Method for data transmission in a multimedia device according to claim 1, comprising the following steps: storing a first key (PrivK 1) of a first pair of digital keys in a memory of a multimedia device, storing data encrypted with a first key (PubK 2) of a second pair of digital keys User data containing biometric data, a personal identification code (PIC) and personal data, reading biometric data of a user into a remote control, adding a personal identification code (PIC) from a memory and a second key (PrivK 2) of the second pair of digital keys for forming a record, encrypting this record with the second key of the first pair of digital keys, transmitting the so encrypted record to a multimedia device, decrypting the received record with the stored first en key (PrivK 1) of the first pair of digital keys, extracting the second key (PrivK 2) of the second pair of digital keys, the personal identification code (PIC) and the biometric data from the decrypted data set; Decrypting the encrypted data stored in the memory of the multimedia device with the extracted decrypted second key of the second pair of digital keys, comparing the decrypted received identification code with the decrypted stored personal identification code, and matching the received decrypted biometric data with the stored decisions rarely biometric data, and activation of the multimedia device, if the comparison of the biometric data results in a match. Method according to claim 2, characterized in that that the read into the remote control biometric data before formation of the record. Method according to claim 3, characterized that this Compress after the Huffman code is done. Method according to one of claims 2 to 4, characterized that the block encoded by the remote control to the multimedia device to be transmitted record becomes. Method according to one or more of claims 2 to 5, characterized in that the of the remote control to the multimedia device to transmis ing record with a Forward error correction is provided.